dj-rest-auth VS drf-yasg

I am using dj-rest-auth for authentication. I am using JWT token authentication. All advice on JWT tokens is to not store them in local storage. Instead, using this package I store them in HttpOnly cookie. Now, I am apparently vulnerable to CSRF attack. So I enable JWT_AUTH_COOKIE_USE_CSRF. This checks the CSRF token on authenticated requests. However, there is still the potential vulnerability known as "login CSRF" as detailed by this issue on Github. In order to account for this, there is another setting called JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED. This enforces CSRF on unauthenticated views (such as login).

Try to use https://github.com/iMerica/dj-rest-auth

I was using djoser in the past. Now Im using very similar dj-rest-auth https://github.com/iMerica/dj-rest-auth

you can use this.

I found the dj-rest-auth as a method of making a rest auth api, unfortunately when using the documentation I have this error coming up.

I've followed the documentation: https://dj-rest-auth.readthedocs.io/en/latest/index.html

Right now, I'm using dj-rest-auth for Token based authentication. I store token in the localStorage. Earlier I was using djoser for adding auth in the project (I wrote article about my approach with djoser).

Please use https://github.com/iMerica/dj-rest-auth as this project is no longer maintained. Thanks!

I believe drf-yasg what you need. You can create a schema manually and define request and response types for your small API.

Check this out: https://drf-yasg.readthedocs.io/en/stable/

There's also the caveat of having different API documentation for both the frontend solution and the API-only solution, since I don't want to expose the frontend-specific endpoints to the API-only endpoints, but I think that might just take some time playing around with swagger: https://drf-yasg.readthedocs.io/en/stable/

Swagger and OpenAPI capabilities using drf-yasg, where you can only see endpoints and Swagger docs if you have a valid Token

The major apps are news and accounts. While the former handles almost all the physical functionalities of the system, the latter only does user stuff. The api app exposes the data for consumption. It is documented using drf-yasg, a Swagger generation tool implemented without using the schema generation provided by Django Rest Framework. The api has a token-based authentication which requires that all POST requests must provide a token to be accepted, otherwise a not too interesting response:

Our RESTful API was actually the easiest to document, because we were able to rely on third-party libraries from the start. It was a Python Django and Django REST Framework project that leveraged the drf-yasg OpenAPI generator library to create OpenAPI and Swagger compatible documentation.

This post will go through how to document your DRF APIs using https://github.com/axnsan12/drf-yasg/ package.